Vulnerabilities > W3C

DATE CVE VULNERABILITY TITLE RISK
2020-06-22 CVE-2020-4070 Cross-site Scripting vulnerability in W3C CSS Validator
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs.
network
w3c CWE-79
3.5
2009-01-28 CVE-2008-6005 Buffer Errors vulnerability in W3C Amaya web Browser 10.0.1/11.0.1
Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "duplicated" attribute value inputs.
network
low complexity
w3c CWE-119
critical
10.0
2008-11-29 CVE-2008-5282 Buffer Errors vulnerability in W3C Amaya web Browser 10.0.1
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
network
low complexity
w3c CWE-119
critical
10.0
2006-04-20 CVE-2006-1900 Remote Buffer Overflow vulnerability in W3C Amaya 9.4
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."
network
high complexity
w3c
7.6
2005-10-12 CVE-2005-3183 Improper Input Validation vulnerability in W3C Libwww
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
network
w3c CWE-20
4.3
2004-12-31 CVE-2004-2274 Remote URI Parsing vulnerability in W3C Jigsaw
Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.
network
low complexity
w3c
6.4
2002-10-04 CVE-2002-1053 Cross-Site Scripting vulnerability in W3C Jigsaw 2.2
Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.
network
w3c
6.8
2002-10-04 CVE-2002-1052 Path Disclosure vulnerability in W3C Jigsaw 2.2.1
Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
network
low complexity
w3c
5.0
2002-08-12 CVE-2002-1445 Cross-Site Scripting vulnerability in W3C Cern Httpd 3.0
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.
network
w3c
4.3
2000-01-18 CVE-2000-0079 Unspecified vulnerability in W3C Cern Httpd 3.0
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
network
low complexity
w3c
7.5